PKCS#7 enveloped message
Hello, I need to generate a pkcs#7 certificate with a enveloped message inside it. As far as I understand this message (X509) will be encrypted with a random generated TDES key. This is my snippet, but it is still incomplete and some comments regarding my doubts, I hope someone could help me!! //Load rsa key above data=BIO_new_file(file.txt,r); recipient=PEM_read_bio_X509(data,NULL,NULL,NULL); PKCS7_set_type(p7, NID_pkcs7_enveloped); PKCS7_add_recipient(p7, recipient); EVP_PKEY_assign_RSA(pkey, rsa); //how will this RSA key be used?? pkey = EVP_PKEY_new(); EVP_PKEY_assign_RSA(pkey, rsa); PKCS7_set_cipher(p7, EVP_des_ede3_cbc()); //TDES generated here /* BIO_puts(data, Hello World!); //so here is my data? if ((p7bio = PKCS7_dataInit (p7,NULL)) == NULL) goto err; for (;;){ i=BIO_read(data,buf,sizeof(buf)); if (i = 0) break; BIO_write(p7bio,buf,i); } BIO_flush(p7bio); PKCS7_dataFinal(p7, p7bio);*/ PEM_write_PKCS7(stdout,p7); Thanks, []s Douglas Gemignani __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: PKCS#7 enveloped message
On Tue, Jan 12, 2010, Douglas Gemignani wrote: Hello, I need to generate a pkcs#7 certificate with a enveloped message inside it. As far as I understand this message (X509) will be encrypted with a random generated TDES key. This is my snippet, but it is still incomplete and some comments regarding my doubts, I hope someone could help me!! //Load rsa key above data=BIO_new_file(file.txt,r); recipient=PEM_read_bio_X509(data,NULL,NULL,NULL); PKCS7_set_type(p7, NID_pkcs7_enveloped); PKCS7_add_recipient(p7, recipient); EVP_PKEY_assign_RSA(pkey, rsa); //how will this RSA key be used?? pkey = EVP_PKEY_new(); EVP_PKEY_assign_RSA(pkey, rsa); PKCS7_set_cipher(p7, EVP_des_ede3_cbc()); //TDES generated here /* BIO_puts(data, Hello World!); //so here is my data? if ((p7bio = PKCS7_dataInit (p7,NULL)) == NULL) goto err; for (;;){ i=BIO_read(data,buf,sizeof(buf)); if (i = 0) break; BIO_write(p7bio,buf,i); } BIO_flush(p7bio); PKCS7_dataFinal(p7, p7bio);*/ PEM_write_PKCS7(stdout,p7); Look at the PKCS7_encrypt() manual page and demos/smime/smenc.c Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: PKCS#7 enveloped message
This looks like a recent change in the v1.0.0 beta *) Update PKCS#7 enveloped data routines to use new API. This is now supported by any public key method supporting the encrypt operation. A ctrl is added to allow the public key algorithm to examine or modify the PKCS#7 RecipientInfo structure if it needs to: for RSA this is a no op. [Steve Henson] I'm still using version 0.9.8k. I rather not use beta editions! I noticed the magic in the API is encapsulated here now: in = BIO_new_file(encr.txt, r); if (!in)goto err; /* encrypt content */ p7 = PKCS7_encrypt(recips, in, EVP_des_ede3_cbc(), flags); It probably setups the p7 struct and calls PKCS7_dataInit and PKCS7_dataFinal []s Douglas Gemignani On Tue, Jan 12, 2010 at 2:59 PM, Dr. Stephen Henson st...@openssl.org wrote: On Tue, Jan 12, 2010, Douglas Gemignani wrote: Hello, I need to generate a pkcs#7 certificate with a enveloped message inside it. As far as I understand this message (X509) will be encrypted with a random generated TDES key. This is my snippet, but it is still incomplete and some comments regarding my doubts, I hope someone could help me!! //Load rsa key above data=BIO_new_file(file.txt,r); recipient=PEM_read_bio_X509(data,NULL,NULL,NULL); PKCS7_set_type(p7, NID_pkcs7_enveloped); PKCS7_add_recipient(p7, recipient); EVP_PKEY_assign_RSA(pkey, rsa); //how will this RSA key be used?? pkey = EVP_PKEY_new(); EVP_PKEY_assign_RSA(pkey, rsa); PKCS7_set_cipher(p7, EVP_des_ede3_cbc()); //TDES generated here /* BIO_puts(data, Hello World!); //so here is my data? if ((p7bio = PKCS7_dataInit (p7,NULL)) == NULL) goto err; for (;;){ i=BIO_read(data,buf,sizeof(buf)); if (i = 0) break; BIO_write(p7bio,buf,i); } BIO_flush(p7bio); PKCS7_dataFinal(p7, p7bio);*/ PEM_write_PKCS7(stdout,p7); Look at the PKCS7_encrypt() manual page and demos/smime/smenc.c Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-us...@openssl.org Automated List Manager majord...@openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: PKCS#7 enveloped message
On Tue, Jan 12, 2010, Douglas Gemignani wrote: This looks like a recent change in the v1.0.0 beta *) Update PKCS#7 enveloped data routines to use new API. This is now supported by any public key method supporting the encrypt operation. A ctrl is added to allow the public key algorithm to examine or modify the PKCS#7 RecipientInfo structure if it needs to: for RSA this is a no op. [Steve Henson] I'm still using version 0.9.8k. I rather not use beta editions! That's an enhancement to the PKCS7 API which you wont need for your purposes. The support in OpenSSL 0.9.8k and earlier should suffice. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org __ OpenSSL Project http://www.openssl.org User Support Mailing Listopenssl-users@openssl.org Automated List Manager majord...@openssl.org
Re: PKCS#7 enveloped message problem
On Fri, 3 Aug 2001, Frank Geck wrote: I have the same issue. I used the openssl rand -out randfile 1024. this created the random bit file. I pointed RANDFILE to this file and get the same error PRNG not seeded. By the response below do I take it that the supplied enc.c program is wrong and we need to add RAND_seed()? ..or patch kernel to get random device. I'd rather say it's a bit lazy code. Yes, me guilty as well while making some examples. Everything is Ok there regarding PKCS7. The only point is one could consider to use OAEP for new development. Still everyone is *required* to care his PRNG himself to do any crypto for production. Point is openssl code will read random device available on some OS including linux and freebsd resulting in such an example program running there. have fun with never-ending seed your PRNG! story, Vadim __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
RE: PKCS#7 enveloped message problem
have u rand the seed with RAND_seed() ? Mars Lin -Original Message- From: long.chiang [mailto:[EMAIL PROTECTED]] Sent: Thursday, August 02, 2001 11:58 AM To: [EMAIL PROTECTED] Subject: PKCS#7 enveloped message problem Hi, I am using pkcs7/enc.c for creating a PKCS#7 envepoed message. I get a error, saying PRNG not seeded, no matter how I set $RANFILE or .rnd file. What was the problem? - Long Chiang Manager Electronic Commerce Dept. TaiOne International Ltd. TEL: 886-2-23118711 ext 711 FAX: 886-2-23118110 [EMAIL PROTECTED] http://www.tai-one.com.tw -- __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] __ OpenSSL Project http://www.openssl.org User Support Mailing List[EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]